Berkus Decker berkus @twilio Tallinn, Estonia https://metta.systems Developer at @twilio, supporter of @freefeed, timeless leader of @metta-systems

berkus/awesome-embedded-rust 28

Curated list of resources for Embedded and Low-level development in Rust programming language

berkus/anic 5

Automatically exported from code.google.com/p/anic

berkus/AeglBot 3

@AeglBot for Telegram

berkus/backup-my-github 3

Clones all your repositories to your local machine

berkus/Another-World-Bytecode-Interpreter 1

This is an interpreter for Another World (Out of this world)

berkus/apitrace 1

Graphics API Tracing

berkus/awesome-cpp 1

A curated list of awesome C/C++ frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.

berkus/8values.github.io 0

The 8values political quiz

berkus/acess2 0

Acess2 Hobby Operating System

berkus/acme-sac 0

Automatically exported from code.google.com/p/acme-sac


started cartazio/safeword

started time in 44 minutes

started seanchen1991/vcs-rust

started time in an hour

started JeffreyWay/laravel-mix-tailwind

started time in 7 hours

started coolya/action-pr-link

started time in 10 hours

PR opened twilio/TwilioChatJsReactNative

[Snyk] Security upgrade react-native from 0.59.10 to 0.62.0

Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3)
  • Issue: Prototype Pollution, SNYK-JS-Y18N-1021887
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-native. The new version differs by 250 commits.

  • 9101eaf [0.62.0] Bump version numbers
  • 1f8b698 Pressability: Fix Missing `onLongPress` Gestures
  • f6a8452 Bump FlipperKit version on iOS to be compatible with react-native-flipper (#28277)
  • e8a368c Upgrade Flipper Android to 0.33.1 (#28275)
  • 83aff2c [0.62.0-rc.5] Bump version numbers
  • e41e146 Fix toggling between hidden and visible password
  • ba3815f [0.62.0-rc.4] Bump version numbers
  • 4bb1794 Revert "Bump FlipperKit version on iOS to be compatible with react-native-fli… (#28225)"
  • ada73a3 Bump FlipperKit version on iOS to be compatible with react-native-fli… (#28225)
  • 4efa3ba Add xcscheme files back in the template (#28198)
  • 409551c Try the debug executor before the release executor
  • e16c5cb If JSC fails to load when starting RN, expose that error to the caller
  • 0b6cd69 Return null when requesting constants for nonexistent View Managers in RN Android
  • d22cc4f Fix setting keyboardType from breaking autoCapitalize (#27523)
  • dfa8fed [0.62.0-rc.3] Bump version numbers
  • be50884 [package] Bump CLI to ^4.2.x
  • 26e7d6a [package] Bump CLI to ^4.1.x to fix run-android
  • ebb629d Resolve localization warnings (#28046)
  • 2799d67 @allow-large-files Upgrade Hermes dependency to 0.4.0
  • 76604e7 Resolve React-RCTText Xcode warning (#28054)
  • 8aeb5dc Revert D19235758: Implement onRequestClose for iOS 13+ modals
  • 360b53d Implement TextInput autoFocus natively on iOS (#27803)
  • ebfd1bd fix: resolve Require Cycle warning (#27851)
  • b0eddef remove `xcshareddata` from gitignore (#27563)

See the full diff: https://snyk.io/redirect/github/facebook/react-native/compare/c20070f10458d48d6ac1eaac49e681e932bfb9fd...9101eaf121a32538815043f534111930c9145741

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+2068 -1472

0 comment

2 changed files

pr created time in 10 hours

push event twilio/TwilioChatJsReactNative

snyk-bot

commit sha b66e626ee691f7727b8a7fde1c4ca576f973c06c

fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887

view details

push time in 10 hours

started peekxc/simplextree

started time in 14 hours

started aws-amplify/amplify-adminui

started time in a day

started mwalczyk/flow

started time in a day

started anael-seghezzi/CToy

started time in a day

started abnerrjo/PlaneDetection

started time in a day

started passcod/tomo

started time in a day

started yenchenlin/awesome-NeRF

started time in a day

started bmillwood/pointfree

started time in a day

started gauntface/web-push-book

started time in a day

started web-push-libs/web-push-php

started time in a day

started phip1611/purtel

started time in a day

issue opened rust-lang/wg-allocators

Support for stateless size classes

I've seen >60% resident set size reductions by bypassing the System allocator for large allocations and using mmap directly.

For this purpose I've implemented a global allocator that delegates method calls as follows:

  • alloc for large allocations: mmap
  • alloc for small allocations: System.alloc
  • dealloc for large allocations: munmap
  • dealloc for small allocations: System.dealloc
  • realloc for large->large reallocation: mremap
  • realloc for small->small reallocation: System.realloc
  • realloc for small->large reallocation: mmap + copy + System.dealloc
  • realloc for large->small reallocation: mremap down to the page size

The allocator recognizes if an existing allocation is large or small by inspecting the size stored in the layout. (That's the stateless part.)

Unfortunately, the permissive nature of memory fitting breaks the bold case:

The provided layout.size() must fall in the range min ..= max, where:

  • min is the size of the layout most recently used to allocate the block, and
  • max is the latest actual size returned from alloc, grow, or shrink.

In the bold case above, min would be a small allocation. Therefore, realloc has to return a small allocation. To do this, it has to System.alloc + copy + munmap.

For my use case in particular (and possibly also the use cases of Vec and such), the following stricter requirement would work:

  • min is the latest actual size returned from alloc, grow, or shrink rounded down to the next multiple of layout.align()

This solution is not great if you want to delegate small allocations to an AllocRef instead of the System allocator. You would have to check if allocations returned by the AllocRef look like large allocations and, if so, replace them by mmap allocations.

created time in a day
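The delegation scheme described in this issue, as an added example that is not the issue author's code: a GlobalAlloc that picks its backend from the Layout alone. The 1 MiB threshold, the 4096-byte page size and the Linux x86-64 mmap constants are assumptions declared inline, and the large->small path uses the allocate-copy-free fallback the issue describes instead of mremap.

```rust
use std::alloc::{GlobalAlloc, Layout, System};
use std::ptr;
// Linux x86-64 prototypes and constants, declared inline so no external crate is needed.
unsafe extern "C" {
    fn mmap(addr: *mut u8, len: usize, prot: i32, flags: i32, fd: i32, off: i64) -> *mut u8;
    fn munmap(addr: *mut u8, len: usize) -> i32;
}
const PROT_RW: i32 = 0x1 | 0x2; // PROT_READ | PROT_WRITE
const MAP_PRIVATE_ANON: i32 = 0x02 | 0x20; // MAP_PRIVATE | MAP_ANONYMOUS
const PAGE: usize = 4096; // assumed page size: mmap memory is aligned to it, no more
pub const LARGE: usize = 1 << 20; // constructed threshold: 1 MiB and up goes to mmap

/// Stateless size class: decided from the Layout alone, never from allocator metadata.
pub fn is_large(layout: &Layout) -> bool {
    layout.size() >= LARGE && layout.align() <= PAGE
}

pub struct MmapLarge;

unsafe impl GlobalAlloc for MmapLarge {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        if !is_large(&layout) {
            return unsafe { System.alloc(layout) };
        }
        let p = unsafe { mmap(ptr::null_mut(), layout.size(), PROT_RW, MAP_PRIVATE_ANON, -1, 0) };
        if p as usize == usize::MAX { ptr::null_mut() } else { p } // MAP_FAILED is (void*)-1
    }
    unsafe fn dealloc(&self, p: *mut u8, layout: Layout) {
        if is_large(&layout) {
            let _ = unsafe { munmap(p, layout.size()) };
        } else {
            unsafe { System.dealloc(p, layout) }
        }
    }
    unsafe fn realloc(&self, p: *mut u8, layout: Layout, new_size: usize) -> *mut u8 {
        let new_layout = unsafe { Layout::from_size_align_unchecked(new_size, layout.align()) };
        if !is_large(&layout) && !is_large(&new_layout) {
            return unsafe { System.realloc(p, layout, new_size) }; // small -> small
        }
        // Every other case changes backend (or would need Linux mremap for large -> large):
        // allocate in the new class, copy the surviving prefix, free the old block.
        // The caller's next dealloc passes the new layout, so the class check stays consistent.
        let q = unsafe { self.alloc(new_layout) };
        if !q.is_null() {
            unsafe { ptr::copy_nonoverlapping(p, q, layout.size().min(new_size)) };
            unsafe { self.dealloc(p, layout) };
        }
        q
    }
}
```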


started ultraembedded/FPGAmp

started time in a day

started foonathan/lex

started time in a day

created repository ctz/advent-2020

created time in a day

issue closed rust-lang/wg-allocators

Change parameters of `AllocRef` to take `NonNull<[u8]>, usize` instead of `NonNull<u8>, Layout`

Currently, AllocRef contains those signatures (leaving out _zeroed variants):

fn alloc(Layout) -> Result<NonNull<[u8]>, AllocErr>;
unsafe fn dealloc(&mut self, NonNull<u8>, Layout);
unsafe fn grow/shrink(&mut self, NonNull<u8>, Layout, usize) -> Result<NonNull<[u8]>, AllocErr>;

I like to propose to change those to take NonNull<[u8]> as they also return a slice. Also this would change the Layout parameter to take the alignment instead.

fn alloc(Layout) -> Result<NonNull<[u8]>, AllocErr>;
unsafe fn dealloc(&mut self, NonNull<[u8]>, align: usize);
unsafe fn grow/shrink(&mut self, NonNull<[u8]>, align: usize, new_size: usize) -> Result<NonNull<[u8]>, AllocErr>;

This would also change the Memory fitting safety section wording a bit:

  • The block must be allocated with the same alignment as align, and
  • The provided ptr.len() must fall in the range min ..= max, where:
    • min is the size of the layout most recently used to allocate the block, and
    • max is the latest actual size returned from alloc, grow, or shrink.

The first condition implies that the alignment has to meet the Layout::from_size_align requirements.

The main advantage is that one can simply pass a returned pointer back to the allocator, which will always fit the memory block. While this doesn't lift any safety conditions, it's safer to use. For structs storing only a NonNull<T> (like Box), a NonNull<[T]> can still be constructed with NonNull::slice_from_raw_parts(self.0, mem::align_of::<T>()), regardless of the returned ptr.len(), as it was requested with Layout::new<T>().

A minor downside is the parameters in grow and shrink, as they take two usizes in a row. While the parameter order should be intuitive, this would be resolved if we decide to allow reallocation to a different alignment (#5). Then, those methods would look like this:

unsafe fn grow/shrink(&mut self, NonNull<[u8]>, usize, Layout) -> Result<NonNull<[u8]>, AllocErr>;

closed time in a day

TimDiekmann

push event AndreyG/libgit2cpp

Andrey Davydov

commit sha 7fd98b0bdb37d5d3a5487b69e13f5609f87ce7bc

+ Repository::amend_commit

view details

push time in a day

started eugenkiss/7guis

started time in 2 days

started HEnquist/realfft

started time in 2 days

fork m-ou-se/cargo

The Rust package manager

https://doc.rust-lang.org/cargo

fork in 2 days
